From: Sean Christopherson <seanjc@google.com>
To: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Maxim Levitsky <mlevitsk@redhat.com>,
kvm@vger.kernel.org, jmattson@google.com,
syzbot <syzbot+f1d2136db9c80d4733e8@syzkaller.appspotmail.com>,
bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
joro@8bytes.org, linux-kernel@vger.kernel.org, mingo@redhat.com,
pbonzini@redhat.com, syzkaller-bugs@googlegroups.com,
tglx@linutronix.de, wanpengli@tencent.com, x86@kernel.org
Subject: Re: [syzbot] WARNING in nested_vmx_vmexit
Date: Mon, 6 Dec 2021 16:45:06 +0000
Message-ID: <Ya4+EprYtyvj5J5U@google.com>
In-Reply-To: <87k0gh675j.fsf@redhat.com>
On Mon, Dec 06, 2021, Vitaly Kuznetsov wrote:
> Sean Christopherson <seanjc@google.com> writes:
> > I objected to the patch[*], but looking back at the dates, it appears that I did
> > so after the patch was queued and my comments were never addressed.
> > I'll see if I can reproduce this with a selftest. The fix is likely just:
> >
> > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> > index dc4909b67c5c..927a7c43b73b 100644
> > --- a/arch/x86/kvm/vmx/vmx.c
> > +++ b/arch/x86/kvm/vmx/vmx.c
> > @@ -6665,10 +6665,6 @@ static fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu)
> > * consistency check VM-Exit due to invalid guest state and bail.
> > */
> > if (unlikely(vmx->emulation_required)) {
> > -
> > - /* We don't emulate invalid state of a nested guest */
> > - vmx->fail = is_guest_mode(vcpu);
> > -
> > vmx->exit_reason.full = EXIT_REASON_INVALID_STATE;
> > vmx->exit_reason.failed_vmentry = 1;
> > kvm_register_mark_available(vcpu, VCPU_EXREG_EXIT_INFO_1);
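Review bot: deleting the `vmx->fail = is_guest_mode(vcpu)` assignment also deletes the only comment explaining how invalid L2 guest state is handled; the lines that remain synthesize an EXIT_REASON_INVALID_STATE exit with `failed_vmentry = 1` for L2 as well as L1, so the removed "We don't emulate invalid state of a nested guest" comment should be replaced by one stating that a nested guest's invalid state is now reported as a failed VM-entry rather than flagged as a VMX failure, and the changelog should name the user-visible symptom of the old assignment, the KVM_EXIT_INTERNAL_ERROR reported in this thread.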
> >
> > [*] https://lore.kernel.org/all/YWDWPbgJik5spT1D@google.com/
Boom. VCPU_RUN exits with KVM_EXIT_INTERNAL_ERROR.
diff --git a/tools/testing/selftests/kvm/x86_64/vmx_close_while_nested_test.c b/tools/testing/selftests/kvm/x86_64/vmx_close_while_nested_test.c
index 2835a17f1b7a..4f77c5d7c7b9 100644
--- a/tools/testing/selftests/kvm/x86_64/vmx_close_while_nested_test.c
+++ b/tools/testing/selftests/kvm/x86_64/vmx_close_while_nested_test.c
@@ -27,6 +27,11 @@ enum {
/* The virtual machine object. */
static struct kvm_vm *vm;
+static void l2_guest_infinite_loop(void)
+{
+ while (1);
+}
+
static void l2_guest_code(void)
{
/* Exit to L0 */
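Review bot: `l2_guest_infinite_loop()` has no way to signal back to the host, so if VM-entry into L2 unexpectedly succeeds the test hangs instead of failing; since the function only exists as a RIP target for an entry that is expected to fail, either say so in a comment above it or replace `while (1);` with a `GUEST_ASSERT(0)` ucall so that actually reaching it fails the test loudly. Marking it `__attribute__((noreturn))` is a secondary nicety.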
@@ -53,6 +58,9 @@ static void l1_guest_code(struct vmx_pages *vmx_pages)
int main(int argc, char *argv[])
{
vm_vaddr_t vmx_pages_gva;
+ struct kvm_sregs sregs;
+ struct kvm_regs regs;
+ int r;
nested_vmx_check_supported();
@@ -83,4 +91,17 @@ int main(int argc, char *argv[])
TEST_FAIL("Unknown ucall %lu", uc.cmd);
}
}
+
+ memset(®s, 0, sizeof(regs));
+ vcpu_regs_get(vm, VCPU_ID, ®s);
+ regs.rip = (u64)l2_guest_infinite_loop;
+ vcpu_regs_set(vm, VCPU_ID, ®s);
+
+ memset(&sregs, 0, sizeof(sregs));
+ vcpu_sregs_get(vm, VCPU_ID, &sregs);
+ sregs.tr.unusable = 1;
+ vcpu_sregs_set(vm, VCPU_ID, &sregs);
+
+ r = _vcpu_run(vm, VCPU_ID);
+ TEST_ASSERT(0, "Unexpected return from L2, r = %d, exit_reason = %d", r, vcpu_state(vm, VCPU_ID)->exit_reason);
}
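Review bot: `TEST_ASSERT(0, ...)` at the end unconditionally fails, so as written this is a reproducer rather than a regression test; once the expected outcome is settled, assert on it by checking `r` and comparing `vcpu_state(vm, VCPU_ID)->exit_reason` against the expected KVM exit instead of always failing. Two smaller points in the same hunk: the `memset()` calls before `vcpu_regs_get()` and `vcpu_sregs_get()` are redundant because the getters fully populate the structs, and `exit_reason` in `struct kvm_run` is a `__u32`, so the format specifier should be `%u` rather than `%d`.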
------------[ cut here ]------------
WARNING: CPU: 6 PID: 273926 at arch/x86/kvm/vmx/nested.c:4565 nested_vmx_vmexit+0xd59/0xdb0 [kvm_intel]
CPU: 6 PID: 273926 Comm: vmx_close_while Not tainted 5.15.2-7cc36c3e14ae-pop #279
Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014
RIP: 0010:nested_vmx_vmexit+0xd59/0xdb0 [kvm_intel]
Call Trace:
vmx_leave_nested+0x30/0x40 [kvm_intel]
nested_vmx_free_vcpu+0x16/0x20 [kvm_intel]
vmx_free_vcpu+0x4b/0x60 [kvm_intel]
kvm_arch_vcpu_destroy+0x40/0x160 [kvm]
kvm_vcpu_destroy+0x1d/0x50 [kvm]
kvm_arch_destroy_vm+0xc1/0x1c0 [kvm]
kvm_put_kvm+0x187/0x2a0 [kvm]
kvm_vm_release+0x1d/0x30 [kvm]
__fput+0x95/0x250
task_work_run+0x5f/0x90
do_exit+0x3c8/0xab0
do_group_exit+0x47/0xb0
__x64_sys_exit_group+0x14/0x20
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
2021-12-05 13:42 [syzbot] WARNING in nested_vmx_vmexit syzbot
2021-12-06 9:16 ` Vitaly Kuznetsov
2021-12-06 16:05 ` Sean Christopherson
2021-12-06 16:16 ` Vitaly Kuznetsov
2021-12-06 16:45 ` Sean Christopherson [this message]
2021-12-06 17:21 ` Sean Christopherson
2021-12-06 17:22 ` Sean Christopherson
2021-12-07 8:20 ` Maxim Levitsky
2021-12-07 11:20 ` syzbot
2021-12-07 19:19 ` syzbot